NOD and trojan simulator


divedog
February 24th, 2005, 08:44 PM
So I am playing with Trojan Simulator. I downloaded it to my desktop but didn’t unzip it. I did an in-depth analysis with NOD and it doesn’t find anything. If I use the scan control to scan C drive using the clean button it finds it on the desktop and in Firefox cache but is unable to clean it. I have NOD on demand scanner set to clean automatically, if that doesn’t work to prompt for an action. When I get a prompt it says the only option is to leave. Do I have something set up wrong? It doesn’t seem logical that NOD would have a hard time with a file that is so easy to delete. I can run a scan with TDS-3 and it has no problem finding and deleting the file.

sir_carew
February 24th, 2005, 10:03 PM
For the moment, NOD32 can't clean or delete files that are compressed in formats like RAR and ZIP.
Note: In order to detect simulations like that (not Eicar), you need to enable potentially dangerous applications detections in the Scanner.

divedog
February 24th, 2005, 10:13 PM
It detected it just fine. I was just curious why it wouldn’t delete it. Thanx

ronjor
February 24th, 2005, 10:16 PM
Run a "clean" scan from the on demand module. NOD will ask you to restart and trojan simulator will be gone.

divedog
February 24th, 2005, 10:44 PM
I did that. The only option it gave me was to leave.

ronjor
February 24th, 2005, 11:02 PM
Right click in the on demand window on the red warning and select delete.

I'll post three screenshots.

ronjor
February 24th, 2005, 11:03 PM
-------------

ronjor
February 24th, 2005, 11:04 PM
---------------

divedog
February 25th, 2005, 12:16 AM
Thanx ronjor I will try that.

divedog
February 25th, 2005, 12:48 AM
When I right click on the scanning log for the on demand scanner it only gives me 2 options. The first is clear log, the middle one is clean greyed out. The last one is clear log.

divedog
February 25th, 2005, 12:59 AM
Is this because it is still zipped up?

ronjor
February 25th, 2005, 08:43 AM
Divedog

The screenshots I showed had Trojan Simulator actually in memory.

I believe what you are talking about is Trojan Simulator still in the zip file.

It is harmless while still in the zip file.

Since NOD doesn't unzip each and every file to clean, the option would be to leave.

As you know the location of the file, simply delete it.

http://www.nod32.com/scriptless/support/ans/9k.htm